Recent attack on Google in China invoked a number of comments and postmortem analysis and one of them has vindicated my view,
nCircle's Storms believes that one "lesson from this breach is that antivirus software really is dead. For quite a while it's been the least effective tool in the IT enterprise security toolset because it's only effective against known malware. It only takes one piece of customized malware to infiltrate your network."Antivirus is often like looking in the rear vision mirror. It is totally useless until its database has been updated.
In my e-mails with Kurtz he wasn't as bold about declaring the death of antivirus tools, but he did suggest a new approach as well. "There are technologies like whitelisting--McAfee Application Control, that would have prevented successful exploitation of this zero day and many others--without signatures. Companies really need to start augmenting their blacklisting with whitelisting protection technologies."
No comments:
Post a Comment